I am using
pass
to manage some of my credentials. I use it on multiple machines, so I need a way to sync the underlying git repository. This can be accomplished by setting up a (private) git repository that is centrally reachable. No need to use a public code forge (like github, gitlab, codeberg or sourcehut), any machine that has git installed and is reachable via SSH
will do
. Create a “bare” repository on the ssh server (git init --bare <repository-name>). On the client machines that will make use of pass, add the ssh server as remote. For convenience, pass wraps git, so pass git <git-command-arguments> operates on the underlying git repository. pass git remote add origin <user@server:path-to/repository-name> adds the repo on the ssh server as a remote. pass git push syncs all the changes to the ssh server. To automate this, create the following post-commit hook in the underlying git repo on each client machine:
#!/usr/bin/sh
set -euxo pipefail
git pull --rebase origin master
git push origin master
This ensures that whenever a password is created or changed, the changes are automatically synced to the shared central repo on the ssh server.